In the modern telecommunications space, there are numerous scenarios in which it is desirable to be able to securely store and exchange message content between parties. Scenarios in which this type of functionality is desired include, but are not limited to: electronic commerce, in which the message content may include an asset value or monetary amount; electronic voting, in which the message content may include a voter's election; and remote telemetry, in which the message content may include sensor data and/or control commands.
In all such scenarios, message content is stored in a storage media that is “owned” by a party, and it is desired to transfer or send that message content to a storage media “owned” by another party. The storage media in each case may take any desired form including, for example, a non-volatile memory. The parties involved may be actual people or organizations, or, particularly in the case of remote telemetry systems and the like, an identified station or piece of equipment.
In the context of the present specification, the secure storage and exchange of message contents means that the mechanism for storing and exchanging message content reflects or embodies at least some of the following values:
Security: it should be computationally infeasible for a party to obtain unauthorized access to message content within a store. Similarly, in a case where a party improperly receives message content addressed to another party, it should be computationally infeasible for the receiving party to improperly store that message content to their own storage media.
Irrevocability: When message content is to be transferred from one party to another, a message may be generated which contains the desired message content. The message generation mechanism should preferably operate in such a manner that the message cannot subsequently be revoked by the sending party.
Non-repudiation: A message containing content to be transferred from a sending party to a receiving party should be tagged in such a manner that the sending party cannot plausibly assert that the message was generated and sent by some other party;
Anonymity: The storage and transfer mechanism should operate in such a manner that parties can exchange message content without the intervention of a third party that has knowledge of the identities of the parties to the actual exchange;
Duplicate detection: The message content transfer mechanism should preferably operate in which a way that duplicate messages are detected and handled properly.
It may be noted that it is not essential for all of the above-described values to be present. For example, in some remote telemetry scenarios, the value of “anonymity” may be undesirable, because the identity of the station or equipment that has sent a message may be useful to the recipient. On the other hand, in some cases this anonymity may be useful in that an unauthorized party that improperly receives a content transfer message cannot determine the identity of the sending party by analysing the message. In a remote telemetry scenario, for example, this may prevent a hacker from correlating intercepted telemetry data to the particular station or equipment that sent it. Similarly, in an on-line voting system, anonymity enables the implementation of “secret voting”, while the other virtues of irrevocability, non-repudiation, and duplicate detection allows detection and prevention of election fraud.
In the field of electronic commerce, electronic payment systems are known in the art. A common example of such systems uses a “debit card” issued by a bank to its customers. In a simple transaction, the customer inserts their card into an automated teller machine (ATM), which uses information stored on the card to access the customer's account at the bank. The customer will often be required provide a secret Personal Identification Number (PIN) so that the bank may be assured of the authenticity of the card holder. Upon successful completion of the authentication process, the customer can request various types of transactions, such as cash withdrawals or transfers to another account.
Merchant's Point-of Sale (POS) devices may also be equipped to handle debit-card transactions. In this case, the debit card is inserted into a POS terminal, which uses information stored on the card to initiate a communication session with the customer's bank and send a message to the bank requesting the transfer of a sum of money from the customer's bank account to the merchant's bank account (at the same or a different bank). Upon successful completion of the bank's authentication process (again using the PIN), the bank will verify whether the customer's account contains sufficient funds, and if so the bank will execute the requested transaction.
Credit cards are often used in a directly analogous manner, but in the case of a credit card, the customer's account is a credit facility against which the customer is charged interest on any outstanding balance.
A problem with debit and credit cards is that banks and other card-issuing authorities often levy significant charges or fees for using the card. These fees may be charged to the cardholder, the merchant, or both, depending on the card-issuer's policies. Often, these fees are levied on a per-transaction basis, and significantly increase the costs of doing business for both merchants and card holders.
Another problem with the use of debit and credit cards is that transactions cannot normally be performed in an anonymous manner. That is, the transaction cannot be completed without the intervention of a third party (eg a bank or card-issuer) who knows the identities of both the card-holder and the merchant, and this information is recorded as part of the transaction. While this provides a means of ensuring security and integrity of the system, it also enables the card issuer to compile a detailed record of the card-holder's purchasing history. This record can be mis-used in various ways, without the knowledge or (informed) consent of the card-holder. Accordingly, in many situations consumers would prefer to be able to make payments in an anonymous fashion.
A still further limitation of debit and credit cards is that the card-holder authentication process (entering of the PIN) slows down the process by which a transaction can be requested. This means that debit and credit cards are poorly suited to situation where it is desired to make a very small-valued transaction with minimum delay. Typical examples of such transactions include payment of a bus or subway fare.
What is required is an electronic payments system that more closely resembles the use of cash, in that it does not obviously incur costs when used for payments and enables a user to make anonymous transactions. A particular characteristic of cash is that it operates without reference to any third party, only the sender and the recipient are involved in a particular transaction.
David Chaum addressed some of these issues in “Blind Signatures for Untraceable Payments,” D. Chaum, Advances in Cryptology Proceedings of Crypto 82, D. Chaum, R. L. Rivest, & A. T. Sherman (Eds.), Plenum, pp. 199-203. The idea behind Chaum's work was the concept of a blind digital signature that allowed the creation of electronic bills. A bank for example could create an electronic message protected by a digital signature that would represent the value of say a dollar bill. The digital signature would identify the bank as the issuer of the bill but not the consumer who gets the dollar bill from the bank. In order to make a payment to a merchant the consumer would need to give the merchant a set of these electronic dollar bills representing the cumulative value of the goods. It is clear that the consumer would also need electronic messages representing each coin value from 1 cent to a dollar in the US currency for example.
Apart from the difficulty of managing a suitable set of electronic bills it is clear that it would be easy for a fraudster to make copies of an otherwise genuine electronic dollar bill. It would not be possible to tell the difference between the original digitally signed message and a copy of this message so the system operates in such a way that the issuing bank only accepts the first copy of the bill presented, other copies, perhaps even the correctly authorized version would be rejected. In practice this means that Chaum's scheme has to operate on-line where the merchant can be connected to the issuing bank to be re-assured that payment will be made. Although the scheme looks like a local asset transfer system it cannot in practice be used that way because of the risk of fraud.
U.S. Pat. Nos. 5,623,547 and 5,778,067 describe a system in which users are provided with electronic purses which can be used to store asset value. A bank (or other issuing authority) maintains a special bulk purse, to manage the total amount of asset value in circulation within the system. Asset value can be exchanged between the bulk purse and other purses, and between electronic purses, using a 4 message protocol where each message is digitally signed. This protocol is designed to ensure that duplicate payments are avoided. A limitation of this system is that both parties to a transaction must possess an electronic purse and the means to implement the electronic value transfer protocol. A further limitation is that the four message protocol increases the time required to make a value transfer, which might be unacceptable in some applications such as fare payment in a mass transit system, for example.
An electronic message content storage and transfer system that overcomes at least some of the limitations of the prior art remains highly desirable.